Internet of Things (IoT) devices are typically designed to function in a secure, closed environment, making it difficult for users to comprehend devices' behaviors. This paper shows that a user can leverage side-channel information to reason fine-grained internal states of black box IoT devices. The key enablers for our design are a multi-model sensing technique that fuses power consumption, network traffic, and radio emanations and an annotation interface that helps users form mental models of a black box IoT system. We built a prototype of our design and evaluated the prototype with open-source IoT devices and black-box commercial devices. Our experiments show a false positive rate of 1.44% for open-source IoT devices' state probing, and our participants take an average of 19.8 minutes to reason the internal states of black-box IoT devices.

翻译：物联网设备通常设计为在安全封闭的环境中运行，这使得用户难以理解设备的行为。本文证明用户可利用侧信道信息推理黑盒物联网设备的细粒度内部状态。我们设计的关键支撑在于多模态感知技术——融合功耗、网络流量与无线电辐射信号，以及帮助用户构建黑盒物联网系统心智模型的标注界面。我们实现了系统原型，并使用开源物联网设备与商业黑盒设备进行评测。实验表明，开源设备状态探测的假阳性率为1.44%，参与者平均耗时19.8分钟即可推理出黑盒物联网设备的内部状态。